TLDR:
- QNAP released a security advisory for multiple vulnerabilities in their products.
- A 0-day flaw was discovered in the quick.cgi component of QNAP QTS firmware, potentially affecting over 289,000 devices.
Last week, QNAP addressed vulnerabilities in their QTS, QuTS hero, and QuTScloud products with a severity rating of 5.8. However, it was found that over 289,000 devices were vulnerable to a 0-day flaw. This vulnerability, associated with a command injection in the quick.cgi component of QNAP QTS firmware, allows threat actors to execute arbitrary commands on the device without authentication. The affected devices were mainly located in Germany, USA, China, Italy, Japan, Taiwan, France, and other countries.
To mitigate this flaw, users are advised to test a specific URL on their browsers and update their operating systems to the recommended versions. If the device is still vulnerable, contacting QNAP technical support is recommended. Stay updated on cybersecurity news and follow Cyber Security News on LinkedIn and Twitter for more information.